PT-2026-42828 · Unknown · Pcmanfm-Qt

Published

2026-05-22

·

Updated

2026-05-26

·

CVE-2026-48700

CVSS v4.0

9.3

Critical

VectorAV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/R:I/V:D/RE:M/U:Clear
Name of the Vulnerable Software and Affected Versions PCManFM-Qt versions 1.1.0 and later
Description An issue exists where PCManFM-Qt delegates to a different program based on file type without user confirmation when a regular file path is passed as a URI in the 'org.freedesktop.FileManager1.ShowFolders' D-Bus method call. This behavior can be leveraged to achieve code execution or bypass network namespace restrictions.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-48700

Affected Products

Pcmanfm-Qt